Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 23 Feb 2016 22:33:50 -0500 (EST)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6

>> unix: correctly track in-flight fds in sending process user_struct

>> The commit referenced in the Fixes tag incorrectly accounted the
>> number of in-flight fds over a unix domain socket to the original
>> opener of the file-descriptor. This allows another process to
>> arbitrary deplete the original file-openers resource limit for the
>> maximum of open files.

Use CVE-2016-2550.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWzSRFAAoJEL54rhJi8gl5/bYP/0SCfyofv9HhFwaE/EYSj1/K
y607Cnxoe/9PPbLn1MxUQNCIBKvLUNR+tZqV9GUc1MrmbbKfOmyNKx0CMIl32Ewn
1S1OamdeEIQa+wZt2N2bhHFEBy7vUXl0+TGwbuSoqX/UsBcx9Rt7gCvgmb/FKvXV
UcCJB9T8zWEgCb179u8EWCNQ0qpC3PL8JNvymYjsVsc8BBKO053ZfvezBPm9eehD
J7vod7f4hzR3S1N74dwwGivNvGZj9XkX7QeRDG8lsT1hRbvtycMrR8Mxs5dnhrYT
9VnMuuSvdgllRCy+i/cDn3a2GNciCbt3rmlAcsUK/R+a/1kJJ6VGEPlCpWeZyZsp
jH7Pg4C9sy5j76RORH0uzp/ENvLtLHoGGY2kU8lAou7iEnQ1p35cXqpVNd2xOHas
HxypzRSO1t6x78hR9ZtbNT9wp3NZiDFADwhOE0nku7rUCEdLIl/ra0gByFwY/lbz
91Rea30jRVhp9mE21NBA2e7a3/QRU+xLIObuZDLu4HVEs9efh8GYmh0BveQsi9h7
5B4wiVZSb5rvdq5gN2/l65TXLN/CMQr+s0o7CZKobj6kDMZw7oCjffuLg4jP7rmN
QELmA4GOdF5lhirAZaFpqDwZy6uUYEahOlIxLO2fF9uaABOSf/kqQan3kcYdy8Mb
Yjf9+hopybnTS3V71UmI
=bAtP
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ